@jshookmcp/jshook

June 19, 2026 · View on GitHub

License: AGPLv3 Node.js 22.12+ TypeScript MCP pnpm

English | 中文

An MCP server that gives AI agents 402 tools across 36 domains for JavaScript analysis and security research — browser automation, CDP debugging, network interception, JS hooks, LLM-powered code analysis, process/memory forensics, WASM reverse engineering, source-map reconstruction, AST transforms, and composite workflows in a single server.

🚀 Quick Start

No global install needed — add to your MCP client config and you're ready:

Claude Desktop / Cursor (claude_desktop_config.json):

{
  "mcpServers": {
    "jshook": {
      "command": "npx",
      "args": ["-y", "@jshookmcp/jshook@latest"],
      "env": { "JSHOOK_BASE_PROFILE": "search" }
    }
  }
}

(Windows: use npx.cmd absolute path if npx is not found)

🌟 Highlights

  • 🤖 AI-Driven Analysis — LLM-powered deobfuscation, crypto detection, AST comprehension
  • Search-First Context Efficiencysearch profile ≈ 3K tokens vs full ≈ 40K+ tokens
  • 🎯 Progressive Tierssearchworkflowfull, activate on demand
  • 🌐 Full-Stack Browser Automation — Chromium/Camoufox + CDP + anti-detection + CAPTCHA handling
  • 🔁 Runtime Recovery and Session Isolation — HTTP sessions restore activated domains, browser attach state, coverage state, and isolate browser-side session state per client
  • 🧭 Schema-First Meta Toolsdescribe_tool, validated call_tool, and coverage_report reduce parameter errors and make tool coverage visible
  • 📡 Network Interception — HTTP/2 frame building, MiTM capture, GraphQL, Burp Suite bridge
  • 🛠️ Reverse Engineering Toolchain — WASM disassembly, binary analysis, Frida, Ghidra/IDA bridges
  • 🧰 Process & Memory Forensics — Native FFI scanning, hardware breakpoints, PE introspection
  • 🧩 Dynamic Extensibility — Hot-reload plugins, declarative workflows, auto-discovered domains

Recent Runtime Notes

  • HTTP transport now multiplexes independent MCP sessions and restores runtime state after reconnects.
  • proxy_start auto-generates a local HTTPS interception CA when needed.
  • Browser CAPTCHA solving is now explicit-input driven: pass taskKind, siteKey, imageBase64, callbackName, and responseSelector as needed. Built-in widget/page signature probing is intentionally not used.

Architecture

  • Runtime Registry — Domains auto-discovered via manifest.ts; add a domain by creating one file
  • Lazy Initialization — Handlers instantiated on first call, not at startup
  • BM25 + Vector Searchsearch_tools meta-tool with hybrid ranking and adaptive weights
  • MCP ToolAnnotations — Every tool carries readOnlyHint / destructiveHint / idempotentHint / openWorldHint

Registry Snapshot

The built-in surface below is generated from the runtime registry and checked in CI.

  • Package version: 0.3.3
  • Built-in Tools: 489
  • Domains: adb-bridge, binary-instrument, boringssl-inspector, browser, canvas, coordination, core, cross-domain, dart-inspector, debugger, encoding, exploit-dev, extension-registry, graphql, instrumentation, maintenance, memory, mojo-ipc, native-emulator, network, platform, process, protocol-analysis, proxy, sourcemap, streaming, syscall-hook, trace, transform, v8-inspector, wasm, webgpu, workflow
  • Note: this snapshot is generated from the runtime registry; do not edit the counts by hand.

View the complete Tool Reference ↗

Project Stats

Star History Chart

Activity